In our plan, the feature is designed for HTTPS offloading case and
other applications which use kernel RSA/ecdsa by keyctl syscall.
Hi Zhenwei,
what is the % of time spent doing asymmetric key operations in your
benchmark? I am not very familiar with crypto acceleration but my
understanding has always been that most time is spent doing either
hashing (for signing) or symmetric key operations (for encryption).
If I understand correctly, without support for acceleration these
patches are more of a demonstration of virtio-crypto, or usable for
testing purposes.
Would it be possible to extend virtio-crypto to use keys already in the
host keyctl, or in a PKCS#11 smartcard, so that virtio-crypto could also
provide the functionality of an HSM? Or does the standard require that
the keys are provided by the guest?
Paolo
